CN115859389B - Software serial number authorization method and system based on privately-distributed deployment - Google Patents


Publication number
CN115859389B
Authority
CN
China
Prior art keywords
software
serial number
equipment
preset
time stamp
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310126454.2A
Other languages
Chinese (zh)
Other versions
CN115859389A (en
Inventor
徐同明
于兆洋
林卉
王思源
孙帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur General Software Co Ltd
Original Assignee
Inspur General Software Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a software serial number authorization method and system based on private deployment. It belongs to the technical field of data processing and addresses the technical problem that software serial number authorization is inflexible under private deployment. The method comprises the following steps: the application device obtains a preset unique first device identifier and a current first timestamp of the device; encrypts the first device identifier and the first timestamp to generate a machine code; the authorization device decrypts the machine code to obtain a second device identifier and a second timestamp; determines a validity timestamp corresponding to the second timestamp; determines the software function module information supported by the second device identifier; encrypts the second device identifier, the validity timestamp and the software function module information to obtain a software serial number; and the application device checks the software serial number against the first device identifier and the first timestamp to determine that the software serial number is in an authorized state. Software serial number authorization can thus be applied securely and flexibly.

Description

Software serial number authorization method and system based on privately-distributed deployment
Technical Field
The application relates to the technical field of data processing, and in particular to a software serial number authorization method and system based on private deployment.
Background
When a customer purchases software, various authorization control methods can be chosen, such as a VIP membership system, purchase by function module, or an online activation code. In these methods the customer's permission information is stored on a server of the software vendor and takes effect only when the customer is connected to the Internet, so they cannot be used in an offline, privately deployed environment.
For example, the scenarios involved when a customer purchases software may include: software customized for an enterprise, where the package customized for customer A is not applicable in customer B's enterprise and no authorization restriction is applied at all; buy-out software that is licensed for life, where a paper contract is relied on to restrict use by other customers and no authorization restriction is applied; or a software package paired with a serial number scheme, where the serial number and an activation code are used together for activation, but online verification is required.
However, as traditional manufacturing enterprises promote their informatization, industrial software is applied in the production process. When industrial software is implemented, enterprises with confidentiality requirements are encountered: the on-site server is connected only to the enterprise's internal network and is forbidden from connecting to the external Internet, operation of the server room is strictly controlled, and only designated network administrators are allowed to enter it. In this situation the software must be privately deployed and the on-site server cannot connect to the Internet, which makes authorization control of the software difficult. Usually only the buy-out model of authorization control can be adopted, which is costly for the customer and limits use by other customers, resulting in a poor user experience.
Based on the above, if the software must be privately deployed and cannot connect to the Internet, security control of software serial number authorization is difficult and inflexible in the private deployment scenario.
Disclosure of Invention
The embodiments of the present application provide a software serial number authorization method and system based on private deployment, to address the following problem: for enterprises with confidentiality requirements, the on-site server is connected only to the enterprise's internal network, and connection to the external Internet is forbidden. If the software must then be privately deployed and cannot connect to the Internet, security control of software serial number authorization is difficult and inflexible in the private deployment scenario.
The embodiment of the application adopts the following technical scheme:
in one aspect, an embodiment of the present application provides a software serial number authorization method based on privately deployed, which is applied to a software serial number authorization system, where the system includes an application device and an authorization device, and the method includes: the application equipment receives a software serial number acquisition request of software; acquiring a preset unique first equipment identifier and a current first timestamp of equipment; wherein the first device identifier is a system serial number of the application device; encrypting the first equipment identifier and the first timestamp according to a preset public key, generating a machine code, and transmitting the machine code to the authorization equipment through a third party transmission medium; the authorization equipment decrypts the machine code according to a preset private key to obtain a second equipment identifier and a second timestamp; the preset public key and the preset private key are public-private key pairs obtained through asymmetric encryption; determining a validity period time stamp corresponding to the second time stamp according to a preset validity period value; wherein the validity time stamp is later than the second time stamp; determining software function module information supported by the second device identification; encrypting the second equipment identifier, the valid period time stamp and the software function module information according to the preset private key to obtain a software serial number, and sending the software serial number to the application equipment; the application equipment receives a first activation request of software, and the software serial number is checked according to the first equipment identifier and the first timestamp; after the verification is passed, determining that the software serial number is in an authorized state so as to activate the software for the first time.
In one example, the application device checks the software serial number according to the first device identifier and the first timestamp, and specifically includes: the application equipment decrypts the software serial number according to the preset public key to obtain the second equipment identifier, the valid period time stamp and the software function module information; judging whether the first equipment identifier is consistent with the second equipment identifier;
if yes, judging whether the time difference between the validity period time stamp and the first time stamp is smaller than a preset validity period value or not; if yes, determining that the software serial number passes verification.
In one example, the method further comprises: if the first equipment identifier is inconsistent with the second equipment identifier, the application equipment determines that the software serial number verification fails, and prompts the software serial number to be in an unauthorized state in a front-end user interface; the method further comprises the steps of: if the time difference between the validity period time stamp and the first time stamp is greater than or equal to a preset validity period value; the application device determines that the software serial number verification fails and prompts the software serial number to be in an unauthorized state at the front-end user interface.
In one example, before determining the validity time stamp corresponding to the second time stamp according to the preset validity value, the method further includes: the authorization device judges whether the application device is a virtual machine according to the prefix of the second device identifier; if yes, a notification of whether to confirm to continue to acquire the software serial number is sent to the application equipment so as to receive the confirmation information of the application equipment.
In one example, the method further comprises: if the application device is a non-virtual machine and/or after receiving the confirmation information of the application device, the authorization device determines a time difference value between the second time stamp and the current time; and comparing the time difference value with a preset difference value threshold value to determine that the time difference value does not exceed the preset difference value threshold value.
In one example, the encrypting the first device identifier and the first timestamp according to a preset public key, and generating a machine code specifically includes: the application equipment combines the first equipment identifier and the first timestamp according to a preset data structure combination to generate a first data structure character string; inserting the first timestamp into a preset position in the first data structure character string to generate a second data structure character string; and encrypting the second data structure character string according to a preset public key to generate the machine code.
In one example, the encrypting the second device identifier, the validity period timestamp and the software function module information according to the preset private key to obtain a software serial number specifically includes: the authorization equipment carries out Base64 coding on the second equipment identifier to obtain first transcoding information of the second equipment identifier; randomly generating a universal unique identification code through the Go language, and randomly generating an asymmetrically encrypted random private key and a random public key; performing four-rule mixed operation on the valid period time stamp to obtain an operation result, and performing Base64 coding on the operation result to obtain second transcoding information of the valid period time stamp; carrying out reversible encryption on the software functional module to generate encryption information of the software functional module; encrypting the first transcoding information, the universal unique identification code, the second transcoding information and the encryption information of the software functional module according to the random private key to obtain an encryption character string;
and encrypting the encrypted character string and the random public key according to the preset private key to obtain a software serial number.
In one example, after the first activation of the software, the method further includes: the application equipment stores the software function module information into a database, and stores the software serial number into a specified folder; triggering the test request of the software serial number according to a preset test triggering condition; reading the software serial number from the specified folder, and checking the software serial number according to the first equipment identifier and the first timestamp; if the software serial number passes the verification, acquiring the information of an operation function module of the software; reading the software function module information from the database, and comparing the software function module information with the operation function module information; and if the software function module information is consistent with the operation function module information, determining that the software is in an allowable operation state.
In one example, after the first activation of the software, the method further includes: the authorization equipment acquires updated software function module information; encrypting the second equipment identifier, the valid period time stamp and the updated software function module information according to the preset private key to obtain an updated software serial number, and sending the updated software serial number to the application equipment; the application equipment receives an update request of software, and checks the updated software serial number according to the first equipment identifier and the first timestamp; after the verification is passed, determining that the updated software serial number is in an authorized state, and carrying out function update on the software according to the updated software function module information.
In another aspect, a software serial number authorization system based on privately deployed is characterized in that the system comprises an application device and an authorization device; the application equipment is used for receiving a software serial number acquisition request of software; acquiring a preset unique first equipment identifier and a current first timestamp of equipment; wherein the first device identifier is a system serial number of the application device; encrypting the first equipment identifier and the first timestamp according to a preset public key, generating a machine code, and transmitting the machine code to the authorization equipment through a third party transmission medium; the authorization equipment is used for decrypting the machine code according to a preset private key to obtain a second equipment identifier and a second timestamp; the preset public key and the preset private key are public-private key pairs obtained through asymmetric encryption; determining a validity period time stamp corresponding to the second time stamp according to a preset validity period value; wherein the validity time stamp is later than the second time stamp; determining software function module information supported by the second device identification; encrypting the second equipment identifier, the valid period time stamp and the software function module information according to the preset private key to obtain a software serial number, and sending the software serial number to the application equipment; the application device is further configured to receive a first activation request of software, and verify the software serial number according to the first device identifier and the first timestamp;
after the verification is passed, determining that the software serial number is in an authorized state so as to activate the software for the first time.
The above-mentioned at least one technical scheme that this application embodiment adopted can reach following beneficial effect:
By using the system serial number of the application device as the unique identifier of the device, the identifier is difficult to tamper with or imitate and is unique to one device. A public-key-encrypted machine code is generated from the first device identifier and the first timestamp, which makes the machine code harder to crack. A private-key-encrypted software serial number is generated from the second device identifier, the validity timestamp and the software function module information, which not only limits the available functions and the validity period of the software but also makes the software serial number harder to crack, adding strong protection for the software. The software is strongly bound to the application device, so one software serial number cannot be used on other application devices, which strengthens product protection and reduces the probability of the software being stolen or cracked. Because only the machine code and the software serial number are exchanged between the application device and the authorization device, the method can be applied flexibly and securely under private deployment and in a disconnected intranet environment.
Drawings
In order to more clearly illustrate the technical solutions of the present application, some embodiments of the present application will be described in detail below with reference to the accompanying drawings, in which:
Fig. 1 is a schematic flow chart of a software serial number authorization method based on private deployment according to an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a software serial number authorization method based on private deployment according to an embodiment of the present application. The method can be applied in different business fields, such as Internet finance, e-commerce, instant messaging, gaming, public services and the like. The process may be adjusted by computing devices in the respective field, with some input parameters or intermediate results in the process allowing manual intervention to help improve accuracy.
The flow in fig. 1 may include the steps of:
S101: the application device receives a software serial number acquisition request of software.
In some embodiments of the present application, an application scenario is a privately deployed software serial number authorization system, where the system includes an application device and an authorization device.
A user on the application device side transfers the software package to the application device through a related device (for example, a USB drive). Based on the user's operation, the application device installs the software from the software package. After the software is installed successfully, the application device needs to obtain the software serial number authorized by the authorization device, so, based on the user's operation, the application device receives a software serial number acquisition request for the software.
S102: acquiring a preset unique first equipment identifier and a current first timestamp of equipment; wherein the first device identifier is a system serial number of the application device.
It should be noted that if the MAC address of the application device were used instead, the prior art offers many ways to forge it. For example, a MAC address can be forged with a Docker container, because the MAC address can be set manually when the container is started. The MAC address is also sensitive information, and the order of MAC addresses changes if network cards are swapped. Therefore the system serial number, rather than a MAC address, is used as the device identifier of the application device.
The system serial number is read through a preset command line. The system serial number differs between Windows and Linux systems, but in both it is unique and cannot be set.
S103: encrypting the first equipment identifier and the first time stamp according to a preset public key, generating a machine code, and transmitting the machine code to the authorization equipment through a third party transmission medium.
Wherein the first timestamp may then be used as a timestamp for generating the machine code.
It should be noted that the third party transmission medium may include a first transmission device corresponding to the application device and a second transmission device corresponding to the authorization device, where the first transmission device is capable of transmitting the machine code to the second transmission device, so that the machine code is sent to the authorization device through the second transmission device based on an operation of a user on the authorization device side. The first transmission device and the second transmission device may be mobile phones.
In some embodiments of the present application, asymmetric encryption is used. Asymmetric encryption uses a pair of keys, a public key and a private key: data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. The strength of asymmetric encryption is positively correlated with the length of the key pair, but a key that is too long reduces encryption and decryption efficiency. In general a length of 1024 or 2048 is used, and a number between the two may be chosen at random as the length.
When the software is developed, the development device generates a public-private key pair with a preset RSA encryption algorithm. The software installed on the application device contains only the public key, which is built into the software package so that it is not exposed. The software is written in Go and is obfuscated and packed ("shelled") during packaging, so the resulting executable is not easy to decompile. In addition, Go cross-compiles conveniently, so the software suits multiple systems and needs no additional runtime environment to be installed.
In some embodiments of the present application, when the machine code is generated, a JSON data structure string is first generated according to a specific data structure combination, the JSON string is then processed, and the processed string is encrypted with the public key. This makes the machine code harder to crack and improves its security.
Specifically, the application device combines the first device identifier with the first timestamp according to a preset data structure combination to generate a first data structure character string, then inserts the first timestamp into a preset position in the first data structure character string to generate a second data structure character string, and finally encrypts the second data structure character string according to a preset public key to generate a machine code.
It should be noted that the first data structure string may be salted and given obfuscation fields. The machine code is displayed in a web page by the Go back end and the web front end; it can be copied and can be saved as a file.
S104: the authorization equipment decrypts the machine code according to a preset private key to obtain a second equipment identifier and a second timestamp; the preset public key and the preset private key are public-private key pairs obtained through asymmetric encryption.
In some embodiments of the present application, the authorization device uses a Go back end plus a web front end. The front-end user page comprises a machine code input box, an authorization validity period input box, check boxes for the function module list, a button for generating the software serial number and a display box for the generated software serial number, so that the authorization device obtains the corresponding information through the front-end user interface.
The authorization device is provided with a serial number generator, and a preset private key is stored in the serial number generator in advance.
After receiving the machine code, the authorization device stores the machine code in the serial number generator, so that the machine code is decrypted through a preset private key.
If decryption fails, a decryption failure prompt is returned to the application device.
S105: determining a validity period time stamp corresponding to the second time stamp according to a preset validity period value; wherein the validity time stamp is later than the second time stamp.
In some embodiments of the present application, the application device may be a virtual machine, and software installed in a virtual machine runs with poor performance. When the unique identifier of the application device is the system serial number, whether the device is a virtual machine can be identified from that serial number, because the system serial number of a virtual machine has an obvious prefix.
Based on the above, before determining the validity time stamp corresponding to the second time stamp, the authorization device determines whether the application device is a virtual machine according to the prefix of the second device identifier.
If yes, a notification of whether to confirm to continue acquiring the software serial number is sent to the application equipment so as to receive the confirmation information of the application equipment.
Then, the authorization device determines the time difference between the second timestamp and the current time, compares the time difference with a preset difference threshold to determine that it does not exceed the threshold, and then sets a validity period identifier for the second timestamp. The preset difference threshold indicates how far the second timestamp may lie from the current time; for example, if the preset time difference is 7 days, a second timestamp within the 7 days before the current time is considered valid.
The second timestamp should lie in the past and not too far from the current time; if the time difference exceeds the preset difference threshold, the second timestamp is too far from the current time.
If the time difference exceeds the preset difference threshold, a timestamp expiration reminder is sent to the application device.
It should be noted that if the application device is not a virtual machine, the authorization device proceeds to determine the time difference between the second timestamp and the current time and to compare it with the preset difference threshold to determine whether the threshold is exceeded.
In some embodiments of the present application, when the validity timestamp for the second timestamp is set, the validity time can be modified in the validity period input box, so that timestamps with different validity periods can be generated conveniently. The authorization device selects a point in time as the expiry of the second timestamp according to the preset validity period value and uses the selected point in time as the validity timestamp. For example, if the validity period is one year, the timestamp one year after the second timestamp is taken as the validity timestamp.
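The machine-code round trip of S102 to S105, as an added Go example that is not the patent's or the assignee's code. It assumes a JSON layout for the identifier and timestamp, RSA-OAEP with SHA-256 as the public-key encryption, and a hypothetical list of virtual-machine serial prefixes; the page's timestamp insertion, salting and obfuscation steps are left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ErrStale: the second timestamp is in the future or older than the threshold.
var ErrStale = errors.New("machine code timestamp outside accepted window")

// Assumed prefixes; the page only says VM serial numbers have an obvious prefix.
var vmPrefixes = []string{"VMware-", "Parallels-"}

// Request is the plaintext inside the machine code (assumed JSON layout).
type Request struct {
	DeviceID string `json:"device_id"` // system serial number
	TS       int64  `json:"ts"`        // first timestamp, Unix seconds
}

// Decision is what the authorization device learns from one machine code.
type Decision struct {
	Req     Request
	IsVM    bool  // identifier has a VM prefix: ask for confirmation first
	Expires int64 // validity timestamp = second timestamp + validity period
}

// NewPresetKey stands in for the key pair generated at development time.
func NewPresetKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// MachineCode runs on the application device (S102-S103).
func MachineCode(pub *rsa.PublicKey, deviceID string, now time.Time) (string, error) {
	plain, err := json.Marshal(Request{DeviceID: deviceID, TS: now.Unix()})
	if err != nil {
		return "", err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Review runs on the authorization device (S104-S105): decrypt, flag virtual
// machines, enforce the freshness threshold, then derive the validity timestamp.
func Review(priv *rsa.PrivateKey, code string, now time.Time,
	maxAge, validity time.Duration) (Decision, error) {
	var d Decision
	ct, err := base64.StdEncoding.DecodeString(code)
	if err != nil {
		return d, err
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return d, err // S104: report the decryption failure
	}
	if err := json.Unmarshal(plain, &d.Req); err != nil {
		return d, err
	}
	for _, p := range vmPrefixes {
		d.IsVM = d.IsVM || strings.HasPrefix(d.Req.DeviceID, p)
	}
	issued := time.Unix(d.Req.TS, 0)
	// The second timestamp must lie in the past and within the threshold.
	if age := now.Sub(issued); age < 0 || age > maxAge {
		return d, ErrStale
	}
	d.Expires = issued.Add(validity).Unix()
	return d, nil
}

func main() {
	priv, err := NewPresetKey()
	if err != nil {
		panic(err)
	}
	day := 24 * time.Hour
	t0 := time.Date(2023, 3, 1, 9, 0, 0, 0, time.UTC) // constructed sample values
	code, _ := MachineCode(&priv.PublicKey, "VMware-56 4d 00 01", t0)
	d, err := Review(priv, code, t0.Add(2*day), 7*day, 365*day)
	fmt.Println(d.IsVM, time.Unix(d.Expires, 0).UTC(), err)
}
```

The 7-day threshold and one-year validity in `main` are the values the page uses as its own illustrations.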
S106: and determining software function module information supported by the second device identification.
That is, the application device has the right to use the software's functions, namely the function modules that the user has purchased. The software developer can then select the function modules to be authorized from the function module list.
S107: and encrypting the second equipment identifier, the valid period time stamp and the software function module information according to the preset private key to obtain a software serial number, and sending the software serial number to the application equipment.
In some embodiments of the present application, the second device identification, the expiration time stamp, and the software functional module information are organized into a specific data structure for improving security of the software serial number. And then, encrypting the specific data structure according to the preset private key to obtain a software serial number, thereby further improving the imitation difficulty of the software serial number.
Specifically, the authorization device Base64-encodes the second device identifier to obtain first transcoding information of the second device identifier. It randomly generates a universally unique identifier (UUID) in Go, and randomly generates a random private key and a random public key for asymmetric encryption. It performs mixed arithmetic operations (addition, subtraction, multiplication and division) on the validity timestamp to obtain an operation result, and Base64-encodes the result to obtain second transcoding information of the validity timestamp. It reversibly encrypts the software function module to generate encryption information of the software function module.
And then, encrypting the first transcoding information, the universal unique identification code, the second transcoding information and the encryption information of the software functional module according to the random private key to obtain an encryption character string.
And finally, encrypting the encrypted character string and the random public key according to the preset private key to obtain the software serial number.
It should be noted that, in software of the application device, corresponding restoration logic for analyzing the specific data structure needs to be added in advance.
It should be noted that, the software serial number may be sent to the application device through the third party transmission medium in S103, and the specific process will not be described in detail here.
S108: and the application equipment receives a first activation request of the software and checks the software serial number according to the first equipment identifier and the first timestamp.
In some embodiments of the present application, the application device decrypts the software serial number according to the preset public key when receiving the first activation request of the software based on the operation of the user on the front-end user interface, to obtain the second device identifier, the validity period timestamp, and the software function module information.
If the decryption fails, a decryption failure prompt is fed back to the front-end user interface of the user.
Then, it is determined whether the first device identification is consistent with the second device identification. That is, the application device checks whether the device identification transmitted by the authorizing device is identical to the device identification transmitted to the authorizing device to prevent tampering.
If they are consistent, the application device judges whether the time difference between the validity period timestamp and the first timestamp is smaller than a preset validity period value. If it is, the software serial number passes verification. If the time difference is greater than or equal to the preset validity period value, the validity period timestamp is invalid; the application device determines that the software serial number check fails and indicates in the front-end user interface that the software serial number is in an unauthorized state.
If the first equipment identifier is inconsistent with the second equipment identifier, the application equipment determines that the software serial number check fails, and prompts the software serial number to be in an unauthorized state in a front-end user interface.
S109: after the verification is passed, determining that the software serial number is in an authorized state so as to activate the software for the first time.
In some embodiments of the present application, the authorization state of the software serial number needs to be verified periodically after the software is first activated, for example to check whether the validity period timestamp has expired, that is, whether the validity period of the software has expired or is about to expire, so that the user can be informed in advance.
Based on this, the application device stores the software function module information to the database, and stores the software serial number to the specified folder.
A test request for the software serial number is then triggered according to a preset test triggering condition. The condition may be, for example, each time the home page of the software is opened, each time the software is logged in to, or each time the background service of the software is restarted.
The application device then reads the software serial number from the specified folder and judges whether it exists. If it does not exist, the software serial number is judged to be unauthorized.
If it exists, the software serial number is checked according to the first device identifier and the first timestamp. For how the software serial number is checked, see S108.
If the software serial number passes the check, the running function module information of the software is acquired, such as the ID or number of each running function module.
The software function module information is read from the database and compared with the running function module information.
If the two are consistent, the software is determined to be in a state in which it is allowed to run. That is, consistent function modules indicate that the application side is using authorized function modules and is not illegally using unauthorized ones.
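The S108 checks and the periodic module check described above, as an added Go example that is not the patent's own code. It replaces the text's "encrypt with the preset private key, decrypt with the preset public key" step with an Ed25519 signature and leaves out the layered Base64/UUID/random-key encoding. The JSON payload layout, function names, module names and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// License holds the serial number's three fields; the JSON layout is an assumption.
type License struct {
	DeviceID string   `json:"device_id"` // second device identifier
	NotAfter int64    `json:"not_after"` // validity period timestamp (Unix seconds)
	Modules  []string `json:"modules"`   // software function module information
}

var (
	ErrFormat    = errors.New("serial number malformed")
	ErrSignature = errors.New("serial number not signed by the preset private key")
	ErrDevice    = errors.New("device identifier mismatch")
	ErrValidity  = errors.New("validity period check failed")
	ErrModule    = errors.New("unlicensed function module running")
	b64          = base64.RawURLEncoding
)

// Issue (authorization device): sign the payload with the preset private key.
func Issue(priv ed25519.PrivateKey, lic License) string {
	body, _ := json.Marshal(lic) // cannot fail for this plain struct
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// Verify (application device, S108): now is the first timestamp at check time, in seconds.
func Verify(pub ed25519.PublicKey, serial, deviceID string, now, validity int64) (*License, error) {
	parts := strings.SplitN(serial, ".", 2)
	if len(parts) != 2 {
		return nil, ErrFormat
	}
	body, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return nil, ErrFormat
	}
	// Authenticate first: no field of body is trusted before this passes.
	if !ed25519.Verify(pub, body, sig) {
		return nil, ErrSignature
	}
	var lic License
	if err := json.Unmarshal(body, &lic); err != nil {
		return nil, ErrFormat
	}
	if lic.DeviceID != deviceID {
		return nil, ErrDevice
	}
	// Text's rule: (validity timestamp - first timestamp) < preset validity value, so a
	// clock at or before issuance fails. Rejecting diff < 0 is this example's assumption.
	if diff := lic.NotAfter - now; diff < 0 || diff >= validity {
		return nil, ErrValidity
	}
	return &lic, nil
}

// CheckModules (periodic check): every running module must be licensed.
func CheckModules(lic *License, running []string) error {
	allowed := make(map[string]bool, len(lic.Modules))
	for _, m := range lic.Modules {
		allowed[m] = true
	}
	for _, m := range running {
		if !allowed[m] {
			return fmt.Errorf("%w: %s", ErrModule, m)
		}
	}
	return nil
}

// demoKeys returns a constructed key pair; the fixed seed is for the demo only.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed([]byte(strings.Repeat("k", ed25519.SeedSize)))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := demoKeys()
	// Constructed values: issued at 1700000000, valid for 365 days (31536000 s).
	sn := Issue(priv, License{"SN-CONSTRUCTED-0001", 1731536000, []string{"mes", "wms"}})
	_, err := Verify(pub, sn, "SN-CONSTRUCTED-0002", 1700003600, 31536000)
	fmt.Println("serial presented on another device:", err)
}
```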
In some embodiments of the present application, there are situations where the software is actively updated, for example, an application device adds a software function module, so as to meet the requirement of more functions.
Based on this, the authorization device obtains the updated software function module information, encrypts the second device identifier, the validity period timestamp and the updated software function module information according to the preset private key to obtain an updated software serial number, and sends the updated software serial number to the application device.
The application device receives the update request of the software and checks the updated software serial number according to the first device identifier and the first timestamp.
After the verification is passed, determining that the updated software serial number is in an authorized state, and carrying out function update on the software according to the updated software function module information.
It should be noted that, the application device may also actively update the software serial number, for example, if the application device needs to extend the validity period of the software, then the application device needs to regenerate the machine code according to the updated first timestamp, and send the updated machine code to the authorization device to obtain the updated software serial number.
In this way, software deployed on the application device can obtain the machine code, obtain the software serial number, and periodically verify the serial number even when it is disconnected from the network.
It should be noted that, although the embodiment of the present application is described with reference to fig. 1 to sequentially describe steps S101 to S109, this does not represent that steps S101 to S109 must be performed in strict order. The steps S101 to S109 are sequentially described according to the sequence shown in fig. 1 in order to facilitate the understanding of the technical solution of the embodiment of the present application by those skilled in the art. In other words, in the embodiment of the present application, the sequence between step S101 to step S109 may be appropriately adjusted according to actual needs.
With the method of Fig. 1, the system serial number of the application device is used as the unique identifier of the device, which is hard to tamper with or imitate and is unique. On that basis, a public-key-encrypted machine code is generated from the first device identifier and the first timestamp, which makes the machine code harder to crack. A private-key-encrypted software serial number is generated from the second device identifier, the validity period timestamp and the software function module information, which limits the available functions and the validity period of the software and also makes the software serial number harder to crack. This adds strong protection to the software and binds it tightly to the application device: a software serial number cannot be used by another application device. Product protection is strengthened and the probability of the software being stolen or cracked is reduced, so the software can be used flexibly and securely in a private deployment and in an intranet environment.
Further, industrial and manufacturing software involves a large amount of production control information and has very high requirements for time accuracy. If a user sets the first timestamp to a future time in order to extend the authorization period of the software serial number, the many time checks built into the software's functions will cause abnormal function flow, and the loss outweighs the gain. In fact, a complex software system with a large volume of data access and high time-accuracy requirements should only be used with accurate timestamps and with consistent client and server time; otherwise its functions are bound to be affected. Therefore, by taking the first timestamp as the reference and measuring the validity period of the software serial number through the validity period timestamp, the method can effectively prevent the software timestamp from being spoofed.
Based on the same idea, some embodiments of the present application also provide a system corresponding to the above method.
A software serial number authorization system based on privatization deployment, which comprises application equipment and authorization equipment;
the application equipment is used for receiving a software serial number acquisition request of software;
acquiring a preset unique first equipment identifier and a current first timestamp of equipment; wherein the first device identifier is a system serial number of the application device;
encrypting the first equipment identifier and the first timestamp according to a preset public key, generating a machine code, and transmitting the machine code to the authorization equipment through a third party transmission medium;
the authorization equipment is used for decrypting the machine code according to a preset private key to obtain a second equipment identifier and the second timestamp; the preset public key and the preset private key are public-private key pairs obtained through asymmetric encryption;
determining a validity period time stamp corresponding to the second time stamp according to a preset validity period value; wherein the validity time stamp is later than the second time stamp;
determining software function module information supported by the second device identification;
encrypting the second equipment identifier, the valid period time stamp and the software function module information according to the preset private key to obtain a software serial number, and sending the software serial number to the application equipment;
the application device is further configured to receive a first activation request of software, and verify the software serial number according to the first device identifier and the first timestamp;
after the verification is passed, determining that the software serial number is in an authorized state so as to activate the software for the first time.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the technical principles of the present application should fall within the protection scope of the present application.

Claims (10)

1. A software serial number authorization method based on privately deployed, which is characterized by being applied to a software serial number authorization system, wherein the system comprises application equipment and authorization equipment, and the method comprises the following steps:
the application equipment receives a software serial number acquisition request of software;
acquiring a preset unique first equipment identifier and a current first timestamp of equipment; wherein the first device identifier is a system serial number of the application device;
encrypting the first equipment identifier and the first timestamp according to a preset public key, generating a machine code, and transmitting the machine code to the authorization equipment through a third party transmission medium;
the authorization equipment decrypts the machine code according to a preset private key to obtain a second equipment identifier and a second timestamp; the preset public key and the preset private key are public-private key pairs obtained through asymmetric encryption;
determining a validity period time stamp corresponding to the second time stamp according to a preset validity period value; wherein the validity time stamp is later than the second time stamp;
determining software function module information supported by the second device identification;
encrypting the second equipment identifier, the valid period time stamp and the software function module information according to the preset private key to obtain a software serial number, and sending the software serial number to the application equipment;
the application equipment receives a first activation request of software, and the software serial number is checked according to the first equipment identifier and the first timestamp;
after the verification is passed, determining that the software serial number is in an authorized state so as to activate the software for the first time.
2. The method according to claim 1, wherein the application device verifies the software serial number according to the first device identification and the first timestamp, specifically comprising:
the application equipment decrypts the software serial number according to the preset public key to obtain the second equipment identifier, the valid period time stamp and the software function module information;
judging whether the first equipment identifier is consistent with the second equipment identifier;
if yes, judging whether the time difference between the validity period time stamp and the first time stamp is smaller than a preset validity period value or not;
if yes, determining that the software serial number passes verification.
3. The method according to claim 2, wherein the method further comprises:
if the first equipment identifier is inconsistent with the second equipment identifier, the application equipment determines that the software serial number verification fails, and prompts the software serial number to be in an unauthorized state in a front-end user interface;
the method further comprises the steps of:
if the time difference between the validity period time stamp and the first time stamp is greater than or equal to a preset validity period value;
the application device determines that the software serial number verification fails and prompts the software serial number to be in an unauthorized state at the front-end user interface.
4. The method according to claim 1, wherein before determining the validity time stamp corresponding to the second time stamp according to the preset validity value, the method further comprises:
the authorization device judges whether the application device is a virtual machine according to the prefix of the second device identifier;
if yes, a notification of whether to confirm to continue to acquire the software serial number is sent to the application equipment so as to receive the confirmation information of the application equipment.
5. The method according to claim 4, wherein the method further comprises:
if the application device is a non-virtual machine and/or after receiving the confirmation information of the application device, the authorization device determines a time difference value between the second time stamp and the current time;
and comparing the time difference value with a preset difference value threshold value to determine that the time difference value does not exceed the preset difference value threshold value.
6. The method according to claim 1, wherein encrypting the first device identifier and the first timestamp according to a preset public key generates a machine code, specifically comprising:
the application equipment combines the first equipment identifier and the first timestamp according to a preset data structure combination to generate a first data structure character string;
inserting the first timestamp into a preset position in the first data structure character string to generate a second data structure character string;
and encrypting the second data structure character string according to a preset public key to generate the machine code.
7. The method according to claim 1, wherein encrypting the second device identifier, the validity period timestamp, and the software function module information according to the preset private key, to obtain a software serial number specifically includes:
the authorization equipment carries out Base64 coding on the second equipment identifier to obtain first transcoding information of the second equipment identifier;
randomly generating a universal unique identification code through the Go language, and randomly generating an asymmetrically encrypted random private key and a random public key;
performing four-rule mixed operation on the valid period time stamp to obtain an operation result, and performing Base64 coding on the operation result to obtain second transcoding information of the valid period time stamp;
carrying out reversible encryption on the software functional module to generate encryption information of the software functional module;
encrypting the first transcoding information, the universal unique identification code, the second transcoding information and the encryption information of the software functional module according to the random private key to obtain an encryption character string;
and encrypting the encrypted character string and the random public key according to the preset private key to obtain a software serial number.
8. The method of claim 1, wherein after the first activation of the software, the method further comprises:
the application equipment stores the software function module information into a database, and stores the software serial number into a specified folder;
triggering the test request of the software serial number according to a preset test triggering condition;
reading the software serial number from the specified folder, and checking the software serial number according to the first equipment identifier and the first timestamp;
if the software serial number passes the verification, acquiring the information of an operation function module of the software;
reading the software function module information from the database, and comparing the software function module information with the operation function module information;
and if the software function module information is consistent with the operation function module information, determining that the software is in an allowable operation state.
9. The method of claim 1, wherein after the first activation of the software, the method further comprises:
the authorization equipment acquires updated software function module information;
encrypting the second equipment identifier, the valid period time stamp and the updated software function module information according to the preset private key to obtain an updated software serial number, and sending the updated software serial number to the application equipment;
the application equipment receives an update request of software, and checks the updated software serial number according to the first equipment identifier and the first timestamp;
after the verification is passed, determining that the updated software serial number is in an authorized state, and carrying out function update on the software according to the updated software function module information.
10. A software serial number authorization system based on privatization deployment, which is characterized by comprising application equipment and authorization equipment;
the application equipment is used for receiving a software serial number acquisition request of software;
acquiring a preset unique first equipment identifier and a current first timestamp of equipment; wherein the first device identifier is a system serial number of the application device;
encrypting the first equipment identifier and the first timestamp according to a preset public key, generating a machine code, and transmitting the machine code to the authorization equipment through a third party transmission medium;
the authorization equipment is used for decrypting the machine code according to a preset private key to obtain a second equipment identifier and a second timestamp; the preset public key and the preset private key are public-private key pairs obtained through asymmetric encryption;
determining a validity period time stamp corresponding to the second time stamp according to a preset validity period value; wherein the validity time stamp is later than the second time stamp;
determining software function module information supported by the second device identification;
encrypting the second equipment identifier, the valid period time stamp and the software function module information according to the preset private key to obtain a software serial number, and sending the software serial number to the application equipment;
the application device is further configured to receive a first activation request of software, and verify the software serial number according to the first device identifier and the first timestamp;
after the verification is passed, determining that the software serial number is in an authorized state so as to activate the software for the first time.
CN202310126454.2A 2023-02-17 2023-02-17 Software serial number authorization method and system based on privately-distributed deployment Active CN115859389B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310126454.2A CN115859389B (en) 2023-02-17 2023-02-17 Software serial number authorization method and system based on privately-distributed deployment

Publications (2)

Publication Number Publication Date
CN115859389A CN115859389A (en) 2023-03-28
CN115859389B true CN115859389B (en) 2023-04-28

Family

ID=85658272

Country Status (1)

Country Link
CN (1) CN115859389B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant